ModSecurity给出通用SQL注入保护错误 [英] ModSecurity gives Generic SQL injection protection error

问题描述

我的Cpanel服务器上出现此错误.并非每次更新都发生，只是一些SQL.

I got this error on my Cpanel server. It doesn't happen on every update, just some SQL.

[2017年3月11日星期六:03:48:18.409435] [:错误] [pid 31376:tid 140202228020992] [客户端180.253.119.171] ModSecurity:使用代码500(阶段2)拒绝访问.模式匹配(((alter | create | drop)[[:space:]] +(column | database | procedure | table)|| delete [[:space:]] + from | update.+ set.+ =)" ARGS:说明. [文件"/usr/local/apache/conf/modsec2.user.conf"] [行"254"] [id"300015"] [版本"1"] [msg通用SQL注入保护"] [严重性严重] [主机名"] [uri"/app/marketwatch/edit-listing.php] [unique_id" WMO50kPhgfkAAHqQRtMAAACP]

[Sat Mar 11 03:48:18.409435 2017] [:error] [pid 31376:tid 140202228020992] [client 180.253.119.171] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "254"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname ""] [uri "/app/marketwatch/edit-listing.php"] [unique_id "WMO50kPhgfkAAHqQRtMAAACP"]

通常是什么原因导致SQL Injection错误以及如何消除此错误?

What usually cause SQL Injection error and how to get rid of this error?

推荐答案

使用本文解决该问题: https://othermachines.com/blog/drupal-modsec-and-后将保存

Solve it using this article: https://othermachines.com/blog/drupal-modsec-and-post-wouldnt-save

因此，mod_security出现了误报.我不知道它以何种方式使用modsec规则ID 300015而不是像往常一样使用300016并陷入了虚假的安全规则.您可以在[id "300015"]中注意到ID.因此，我在文件/usr/local/apache/conf/modsec2/whitelist.conf中编辑了modsec白名单，并添加了以下内容:

So, the mod_security got a false positive. I don't know somehow it uses modsec rule id 300015 instead of 300016 like usual and caught on false security rule. You can notice the id in [id "300015"]. So I edited modsec whitelisting in file /usr/local/apache/conf/modsec2/whitelist.conf and add this:

# Disable generic SQL injection rules globally
# for Drupal content admin
<LocationMatch /node/[0-9]+/edit> #might vary depending your code
  <IfModule mod_security2.c> # This is the important part
    SecRuleRemoveById 300015
  </IfModule>
</LocationMatch>

<LocationMatch /admin>
  <IfModule mod_security2.c>
    SecRuleRemoveById 300015
  </IfModule>
</LocationMatch>

别忘了稍后重新启动Apache，这样它将生效.

Don't forget to restart Apache afterward so it will take effect.

更新

以某种方式将配置位置更改为/etc/apache2/conf.d/modsec2/whitelist.conf

Somehow the configuration location changes to /etc/apache2/conf.d/modsec2/whitelist.conf

这篇关于ModSecurity给出通用SQL注入保护错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！